Think GDPR Doesn't Apply To You? Think Again

The General Data Protection Regulation (GDPR) is one of the hottest topics making the rounds right now. Before you dismiss it as something you don't need to care about, take a minute to read through the rest of the article -- it may save you some major headaches come May 2018 and beyond.

So, let’s start with the basics -- what is GDPR? Isn’t it something that only compliance/risk people and lawyers have to worry about? The new regulation coming out of the EU is going to have a significant impact on organizations worldwide. The intent of the regulation is to protect personal information for individuals within the EU. Let’s pause for a second and let that sink in. As marketing professionals, are you collecting individuals' information through website forms, or perhaps even through badge scans at a conference? Your answer is likely yes, and that means you’re on the hook for complying with GDPR.

It’s important to note that while GDPR explicitly protects EU citizens' data, any organization collecting data on individuals, sharing data or selling products and services within the EU will be subject to the regulation.

Let me throw out two more important pieces of information: The regulation goes into effect May 2018 and the penalties for noncompliance are steep (up to 4% of gross revenue globally -- not just in the division/geographic region where the noncompliance occurs).

What do marketers need to pay attention to?

There’s a fair amount of ambiguity in the regulation, leaving it open to some interpretation. But the takeaway is that it will change the way you communicate and interact with your prospects and customers. And it’s not an option to ignore GDPR compliance.

While other parts of your organization will be focusing on other aspects of GDPR compliance, the key points marketers need to focus on include:

• Consent: A big part of compliance will be the ability to show explicit consent for using an individual’s data. As you collect personal data, it will have to be used for a specific purpose and consent will have to be given for each purpose. If someone does not wish to be contacted, you cannot contact them.

• The right to be forgotten: If an individual would like you to delete their data, you must do so upon request.

• Individual control: Individuals will have more control over what happens to their data, making third-party data more challenging to purchase and use.

• Accuracy: As part of the regulation, you will have to ensure that the data you have is up to date and accurate and is not being kept longer than necessary. To show this, you’ll need to have the ability to keep an audit trail of data collection and usage.

• Fines: As mentioned above, these are not insignificant. They can be up to €20 million or 4% of total annual revenue.